Access control models may be used to ensure that information is modified or accessed only in authorized ways and by authorized people. A basic unit of access control is known as an access control triple (AC-triple). An AC-triple is a combination of information identifying a subject (e.g., a user's account), an object (e.g., a resource or computer system), and an operation (e.g., an action to be performed). Accordingly, an AC-triple may permit a subject to perform an operation on an object.
Role based access control (RBAC) allows users to be assigned to roles based on the user's competencies, authorities, and responsibilities. System administrators may specify access requirements to objects at a same level of abstraction as typical business processes in an enterprise instead of specifying permission on a per AC-triple basis.